A – Z of Cybersecurity

Whether you are an IT expert, use a computer at work or at home, or just use the internet for fun, this article is for you. Cybersecurity is no longer the responsibility of security engineers alone; everyone is responsible for enhancing it.
This article explains common cybersecurity terms that even the most basic users of the internet should know.


  1. Adware: Adware, short for advertising software, is unwanted software designed to run endless advertisements and pop-ups on your device. Adware is usually made for computers, but you may also find versions for mobile devices. These applications are potentially harmful to you and your device: after you install them unknowingly, either by visiting an infected website or because they were bundled with a free program, they send data about you to their developers without your consent. They can be stopped and prevented with an antivirus and by ensuring that your browser has the latest patches.
  2. Botnet: A botnet, formed from the words “robot network”, is a collection of bots – compromised devices controlled by a bot master for the purpose of spamming or launching a Distributed Denial of Service (DDoS) attack. Any connected device can become part of a botnet once it has been compromised by the botmaster.
  3. Cryptography: Cryptography is the science of protecting information and communication through the use of codes so that it is unreadable to third parties not authorized to access it.
  4. Dictionary attack: This is a form of brute-force attack for cracking the password of a computer system or website by systematically trying a large set of words from a dictionary as the password. This form of attack still works because a lot of people still use basic dictionary words as passwords.
  5. Encryption: This is the process of changing or encoding data into a form that cannot be read by parties that are not authorized to access it or do not have the key to decrypt it.
  6. Freeware: Freeware is software that you can download, install and use without cost. Most of the Linux-based software used for hacking is freeware with a voluntary option to donate to the developers. However, one should be wary of unverified freeware, as some of it is used to embed viruses and adware.
  7. GDPR: GDPR, an acronym for General Data Protection Regulation, standardizes data protection law across all 28 European Union countries, sets rules for the control and processing of personal data, and imposes sanctions on organizations that mishandle this sensitive data.
  8. Honeypot: In cybersecurity, a honeypot is an advanced cyber defense mechanism in which a computer system is set up to decoy cyber attackers. It is set up to look like a real system, but in actuality it is isolated and closely monitored in order to study prospective attacks and develop countermeasures against them.
  9. Incident Response: This is an organized, documented, step-by-step approach to addressing and managing a cyberattack. It is in place to contain a security breach, reduce further damage and loss, and speed up recovery time.
  10. JavaScript: JavaScript is a high-level interpreted programming language. It is one of the most widely used programming languages on the internet. Therefore, to be able to hack a website or provide web security on a general level, one needs to know a bit about how it works.
  11. Keylogger: A keylogger is a software program or hardware device that records all keystrokes on a computer keyboard. It is usually used as trojan spyware that runs without the knowledge of the victim and sends keystroke logs from the victim’s computer to the attacker.
  12. Linux: Linux is one of the most popular operating systems and the most used open-source operating system to date. Linux is the preferred operating system for hacking and there are various versions of it, the best of which is Kali Linux, which comes with various applications that aid hacking and cybersecurity as a whole.
  13. Malware: Malware is a general term for malicious software, which includes viruses, trojans, worms, spyware or any piece of code placed in a system to disrupt its normal operation for criminal purposes.
  14. Nmap: Nmap, short for Network Mapper, is a free, open-source tool used for security scanning of devices and networks. It is the typical software for vulnerability scanning and network mapping.
  15. Open Source: Open-source software is software whose source code is released so that it can be studied, changed and distributed for free by users or other developers as they see fit. Open-source software is usually developed through public collaboration.
  16. Penetration Testing: This is the practice of running controlled attacks against a network, IT infrastructure, web application or end-user behavior to find vulnerabilities that a threat actor could exploit. Penetration tests are also called white-hat hacking, as they are done by white-hat hackers who are usually employed by the organization to carry out such exercises.
  17. Quarantine: Quarantine is a function that antivirus software performs on a file when it is unsure whether the file is a virus or not. The software isolates the file while it determines whether it is harmful. During this isolation, the file is unable to run.
  18. Ransomware: Ransomware is malicious software that encrypts a victim’s files. This allows hackers to hold the victim to ransom by preventing them from using their computer system until a ransom is paid.
  19. Social Engineering: This is the technique of eliciting sensitive information and/or manipulating individuals into performing actions that may result in a security breach. Victims of social engineering often do not know they’ve been compromised until much later.
  20. Trojan Horse: Usually just called a trojan, this is software disguised as a legitimate or harmless program which in actual fact runs another (usually malicious) program underneath, capable of disrupting the normal flow of a system, hacking it or spying on it.
  21. Unauthorized access: This refers to illegal access to a resource, be it a website, server, account, data or service. It is what is often referred to as hacking.
  22. Vulnerability: A vulnerability is a weakness that can be exploited by an attacker. It could be a weak password, a protocol or system design flaw, or a software bug.
  23. Worm: Worms are self-propagating, self-replicating types of malware that do not need to be attached to another program to cause havoc or spread. They use networking mechanisms to spread themselves.
  24. XSS: This stands for Cross-Site Scripting and refers to a vulnerability found in web applications. A cross-site scripting vulnerability can be used by attackers to bypass access control rules.
  25. You: You are also part of cybersecurity. You and everybody else are responsible for the security of your organization’s infrastructure and data. If you aren’t secure, then your organisation is as vulnerable as you are. An organisation is only as strong as its weakest link.
  26. Zombie: A zombie, in a cybersecurity context, is a computer that has already been compromised or infected and is being controlled remotely by a hacker to perform malicious activities. Most of the time the owners of these devices are unaware of the compromise; a group of these zombies is referred to as a botnet.

3 Cutting-Edge Open Source Tools Taking Endpoint Security To The Next Level

The days of simple endpoint security by way of basic antivirus software are over. Antivirus software works by detecting viruses whose signatures are in its database, but in today’s day and age viruses have evolved to the point where antivirus software is not able to detect them in time to sandbox them and mitigate their effects. Scanning, screening and protecting endpoints from viruses has become a complex process and, in reality, something that any organisation should consider compulsory. Unfortunately, most antivirus or anti-malware tools available today find only a small fraction of potential infections from constantly adapting attackers.


It’s no secret that distributing malware is a growing business, and the malware epidemic shows no signs of slowing. It has become easier to create and obtain the botnets, crypters and zero-day exploits needed to pull off high-level attacks, as education in malware creation and management is on the rise. Therefore, it is crucial for organizations to employ stronger security options that do more than traditional antivirus software while retaining its functions.

By using endpoint security platforms, cybersecurity engineers are able to monitor, detect, investigate and mitigate suspicious activities and issues on endpoints while learning about various attack life cycles.

Endpoint security platforms should be built on these basic principles for increased efficiency.

  1. They should do more than just protection or prevention: they should have detection and behavioral analysis capabilities to mitigate attacks early on.
  2. They should correlate data across the whole environment so that the system as a whole can learn and is able to easily mitigate similar attacks.
  3. They should be able to monitor the endpoints and their activities without interfering with the normal workflow of the endpoints.
  4. Good data visualization should be employed to display results for the benefit of technical as well as non-technical users.

Of course, the elements of a good endpoint security platform are not limited to these, but these are the most basic points to look out for when considering endpoint security platforms.


These days, there are numerous advanced endpoint detection and response (EDR) tools that find, mitigate and block the most subtle attacks.


In this post, we will be reviewing three open source tools that take endpoint security to the next level by proactively monitoring and looking closely for threats. They evaluate threats learned and mitigated from each endpoint in a larger ecosystem by examining individual processes on each endpoint, sometimes combining this with the best aspects of network intrusion detection for better security. Each of these is open source, which has the advantage for the end user of being free. Though there are paid endpoint security platforms available, no single product can offer absolute security, and one has to make compromises or choose the one that works best for the particular situation. These open source tools provide sufficient endpoint security for most situations, especially for SMEs who are concerned with keeping costs down.

OSSEC:

OSSEC is an open-source host-based intrusion detection and prevention system (HIDS/HIPS) that performs both signature-based and profile analysis, real-time integrity monitoring and tracking of endpoint activities, and prevents endpoint intrusion. It supports most operating systems, including Windows, Linux, Solaris and others. OSSEC performs log analysis – you are able to see everything that goes on with the endpoints in question. OSSEC collects, analyses and correlates these logs so you can notice any attack, misuse or anomaly. It also performs file-integrity checking – every attack on your endpoints changes a configuration, so the goal of file-integrity checking is to detect these changes in real time and alert you whenever they happen, no matter how subtle they are. Windows registry monitoring is also part of OSSEC’s features; this feature is particular to the Windows operating system. OSSEC identifies rootkits, can mitigate related attacks and provides active response with time-based alerting.

This is a very powerful endpoint detection and response security tool and it supports both agent-based and agentless monitoring. It also has a cross-platform architecture that enables you to monitor multiple systems from a centralized location.
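The log analysis and correlation described above can be illustrated with a small detection rule. This is an added example, not OSSEC code or OSSEC rule syntax: it parses constructed sshd log lines and raises one alert when a single source IP accumulates five failed logins inside a two-minute window, the kind of time-based correlation the paragraph describes. The threshold, window and sample lines are assumptions made for the demo.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd lines in syslog format (not real data).
SAMPLE_LOG = """\
Mar  1 10:00:01 host1 sshd[2001]: Failed password for root from 203.0.113.5 port 50001 ssh2
Mar  1 10:00:03 host1 sshd[2002]: Failed password for admin from 203.0.113.5 port 50002 ssh2
Mar  1 10:00:04 host1 sshd[2003]: Accepted password for alice from 198.51.100.7 port 40000 ssh2
Mar  1 10:00:06 host1 sshd[2004]: Failed password for invalid user test from 203.0.113.5 port 50003 ssh2
Mar  1 10:00:07 host1 sshd[2005]: Failed password for root from 203.0.113.5 port 50004 ssh2
Mar  1 10:00:09 host1 sshd[2006]: Failed password for root from 203.0.113.5 port 50005 ssh2
Mar  1 10:09:00 host1 sshd[2007]: Failed password for bob from 198.51.100.9 port 40001 ssh2
"""

# Matches one failed-login line; "invalid user" is optional because sshd adds it for unknown names.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+)"
)

def parse_ts(ts: str, year: int = 2024) -> datetime:
    """Syslog timestamps carry no year, so one is assumed; extra spaces are collapsed."""
    return datetime.strptime(f"{year} {' '.join(ts.split())}", "%Y %b %d %H:%M:%S")

def detect_bruteforce(log_text: str, threshold: int = 5, window_s: int = 120) -> list:
    """Alert once per source that produced >= threshold failures inside any window_s-second window."""
    failures = defaultdict(list)          # source IP -> timestamps of failed logins
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            failures[m["src"]].append(parse_ts(m["ts"]))
    alerts = []
    for src, times in failures.items():
        times.sort()
        start = 0                          # left edge of the sliding window
        for end, t in enumerate(times):
            while (t - times[start]).total_seconds() > window_s:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({"src": src, "count": end - start + 1,
                               "first": times[start], "last": t})
                break                      # one alert per source; a real engine adds a cooldown
    return alerts

if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_LOG):
        print(f"ALERT {a['src']}: {a['count']} failed logins between {a['first']} and {a['last']}")
```

The single successful login and the lone failure from a second address are correctly ignored; only the clustered failures from one source cross the threshold.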


Security Onion:

The official catchphrase of Security Onion is “peel back the layers of your network”. Security Onion is a free Linux distribution for intrusion detection, enterprise security monitoring and log management. It works with many other security tools to achieve better efficiency. It is a distinct operating system in its own right, used for enterprise security management amongst other things. Though one might expect that, being an operating system, it would be difficult to install and work with, this fortunately isn’t the case. This great tool is rather useful when you are pressed for time because the installation is straightforward, as is working with it.

Security Onion integrates three core functions: it is able to perform full packet capture, it has network-based and host-based intrusion detection capabilities, and it serves as a powerful analysis tool.

It is able to do all this and gather enough data thanks to the accompanying security tools that work with it, amongst which are Snort and Suricata for rule-based and analysis-based network intrusion detection respectively. It also works with our very own OSSEC for host-based intrusion detection, and Sguil and Kibana for data analysis.


Tripwire:

If you want to become more efficient at managing your security infrastructure, Tripwire is another excellent tool for you. It is available as both an open-source version and a full-fledged Enterprise version. The open-source version is a very effective tool, though it is worth noting that the Enterprise version has more features than the open-source version. Just like the other tools mentioned above, Tripwire is able to do configuration management, file-integrity monitoring, asset discovery, vulnerability assessment and log collection. However, the open-source version will only run on Linux and Unix machines, with no support for Windows – though Windows support is provided in the Enterprise version.

Tripwire monitors Linux systems to detect unauthorized changes to files and directories and alert users to them. It creates a baseline of all monitored files in an encrypted database and watches the files for changes such as permissions, contents and timestamp details. Cryptographic hashes are used to detect changes in files without storing their entire contents in the database. Tripwire is useful for discovering intrusions after they’ve occurred, and can also serve many other purposes, including policy compliance, integrity assurance and change management.
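The file-integrity checking that OSSEC performs and the hash-based baseline that Tripwire keeps work on the same principle, which the following added example illustrates. It is not code from either project: it records mode, size, mtime and a SHA-256 digest per file, then diffs a later snapshot against the baseline. The directory layout and file contents are constructed for the demo.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

def snapshot_file(path: Path) -> dict:
    """Attributes a Tripwire-style baseline records: mode, size, mtime and a SHA-256 digest."""
    st = path.lstat()
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):   # hash in chunks, never hold the whole file
            h.update(chunk)
    return {"mode": stat.filemode(st.st_mode), "size": st.st_size,
            "mtime": int(st.st_mtime), "sha256": h.hexdigest()}

def build_baseline(root: Path) -> dict:
    """One record per regular file under root, keyed by path relative to root."""
    return {str(p.relative_to(root)): snapshot_file(p)
            for p in sorted(root.rglob("*")) if p.is_file() and not p.is_symlink()}

def compare(baseline: dict, current: dict) -> dict:
    """Diff two snapshots: added and removed paths, and which attributes changed per modified path."""
    modified = {}
    for rel in baseline.keys() & current.keys():
        changed = sorted(k for k in baseline[rel] if baseline[rel][k] != current[rel][k])
        if changed:
            modified[rel] = changed
    return {"added": sorted(current.keys() - baseline.keys()),
            "removed": sorted(baseline.keys() - current.keys()),
            "modified": modified}

def demo() -> dict:
    """Constructed scenario: baseline a small tree, change it, and report the differences."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "app.conf").write_text("debug=false\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        baseline = build_baseline(root)   # in practice stored signed and offline, as Tripwire does
        (root / "etc" / "app.conf").write_text("debug=FALSE\n")   # same size, different bytes
        (root / "etc" / "hosts").unlink()                          # file removed
        (root / "etc" / "extra.so").write_bytes(b"\x7fELF")         # new file appeared
        return compare(baseline, build_baseline(root))

if __name__ == "__main__":
    print(demo())
```

The edit to app.conf keeps the file size unchanged, so only the digest (and possibly mtime) flags it; this is why a size-and-timestamp check alone is not enough and the hash is what makes the baseline trustworthy.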

The list of open-source endpoint security platforms is constantly growing. This is critical because cyber-attacks have become a profit-making business and attackers are unrelenting in their efforts to commit cyber-crimes. Thanks to the effort of the creators of open-source tools, attacks can be mitigated and nipped in the bud, and malware can be studied and analyzed to make cybersecurity easier in the future.


Cyraatek is a security consulting outfit that specializes in installation and management of open source and enterprise endpoint security platforms among other services. Contact us today.